common/secret.c: don't pass uninitialized stack data to the kernel

ceph_unarmor() returns the number of bytes decoded, which can be (and usually is) smaller than the size of the payload array. set_kernel_secret() has behaved this way ever since it was introduced in commit bee85518e2 ("mount.ceph: Use kernel key management API when possible."). The reason it didn't cause problems in the kernel is that the encoding includes the actual length of the secret and there is no check for the end of the supplied payload (see ceph_key_preparse() in net/ceph/crypto.c). Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2025-02-22 10:37:15 +00:00 · 2019-09-30 17:50:55 +02:00 · 2019-09-30 17:50:55 +02:00 · 1ff296c1ae
commit 1ff296c1ae
parent 712393daf3
1 changed files with 1 additions and 1 deletions
--- a/src/common/secret.c
+++ b/src/common/secret.c
@ -69,7 +69,7 @@ int set_kernel_secret(const char *secret, const char *key_name)
    return ret;
  }

-  serial = add_key("ceph", key_name, payload, sizeof(payload), KEY_SPEC_PROCESS_KEYRING);
+  serial = add_key("ceph", key_name, payload, ret, KEY_SPEC_PROCESS_KEYRING);
  if (serial == -1) {
    ret = -errno;
  }